<!--SQL注入漏洞-->
<!--成语 -->
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>数据库查询</title>
    <style>
        html{
            line-height: 1.8;
        }
        h1{
            color: red;
        }
        input{
            padding:10px;
            margin: 5px;
            border-radius: 8px;
        }
    </style>
</head>
<body>
    <?php if($_POST): ?>
        <h1>查成语</h1>
        <p>以【<?= $first=$_POST['first'] ?>】开头的成语有：</p><?php
        $db = new PDO('mysql:host=localhost; dbname=db', 'root', 'root');
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES,false);
        $ps=$db->query("select * from chengyu where first = '$first'");//
        foreach($ps as $row){
            echo "{$row['cy']} ";
        }?>
    <?php else: ?>
        <h1>根据首字查成语</h1>
        <form  method="post">
            请输入成语的第一个汉字：<br>
            <input name="first" />
            <input type="submit" value="执行查询">
        </form>
    <?php endif ?>
</body>
</html>